Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 May 2012 22:29:01 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: get_source() (was: memory usage within JtR and possible ways to significantly reduce it.)

With the correction on line 493, I see no other areas where ->source is used
without checking for it, with the exception of the regen_salt logic.  Any
format that will be using the regen_salt logic will likely have to have the
sources pre-allocated.

But all other uses of the pw->source are now properly protected by a pointer
check first.

>From: magnum [mailto:john.magnum@...hmail.com]
>I saw problems with the new code today. When trying to resume a session
>or --show=left, it segfaulted at line 493 in loader.c due to current_pw-
>>source being a NULL pointer (which is expected) sent to strcmp (which
>is problematic).


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ